-
Notifications
You must be signed in to change notification settings - Fork 14
/
XProtectVersionCheck-swiftDialog.sh
executable file
·71 lines (56 loc) · 3.2 KB
/
XProtectVersionCheck-swiftDialog.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/bash
# Paths to the local XProtect Info.plists
local_bundle_info="/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist"
local_app_info="/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist"
# swiftDialog path
swiftDialog_command="/usr/local/bin/dialog" # Path to swiftDialog installation
# URL to the online JSON data
online_json_url="https://sofa.macadmins.io/v1/macos_data_feed.json"
user_agent="SOFA-dialog-XProtectVersionCheck/1.0"
# local store
json_cache_dir="/private/tmp/sofa"
json_cache="$json_cache_dir/macos_data_feed.json"
etag_cache="$json_cache_dir/macos_data_feed_etag.txt"
# ensure local cache folder exists
/bin/mkdir -p "$json_cache_dir"
# check local vs online using etag
if [[ -f "$etag_cache" && -f "$json_cache" ]]; then
if /usr/bin/curl --compressed --silent --etag-compare "$etag_cache" --header "User-Agent: $user_agent" "$online_json_url" --output /dev/null; then
echo "Cached e-tag matches online e-tag - cached json file is up to date"
else
echo "Cached e-tag does not match online e-tag, proceeding to download SOFA json file"
/usr/bin/curl --compressed --location --max-time 3 --silent --header "User-Agent: $user_agent" "$online_json_url" --etag-save "$etag_cache" --output "$json_cache"
fi
else
echo "No e-tag cached, proceeding to download SOFA json file"
/usr/bin/curl --compressed --location --max-time 3 --silent --header "User-Agent: $user_agent" "$online_json_url" --etag-save "$etag_cache" --output "$json_cache"
fi
echo
if [[ ! "$json_cache" ]]; then
title="XProtect Version Check"
icon="SF=network.slash"
message="WARNING: could not verify latest XProtect version."
"$swiftDialog_command" --title "$title" --icon "$icon" --message "$message" --info &
exit
fi
# Extract the local and online (latest) versions of XProtect using CFBundleShortVersionString
local_bundle_version=$(/usr/bin/plutil -extract CFBundleShortVersionString raw "$local_bundle_info")
echo "Local XProtect Version: $local_bundle_version"
latest_bundle_version=$(/usr/bin/plutil -extract "XProtectPlistConfigData.com\\.apple\\.XProtect" raw "$json_cache" | /usr/bin/head -n 1)
echo "Online XProtect Version: $latest_bundle_version"
local_app_version=$(/usr/bin/plutil -extract CFBundleShortVersionString raw "$local_app_info")
echo "Local XProtect Remediator Version: $local_app_version"
latest_app_version=$(/usr/bin/plutil -extract "XProtectPayloads.com\\.apple\\.XProtectFramework\\.XProtect" raw "$json_cache" | /usr/bin/head -n 1)
echo "Online XProtect Version: $latest_app_version"
# Compare the versions
message="XProtect version: $local_bundle_version (latest $latest_bundle_version)\n\nXProtect Remediator Version: $local_app_version (latest $latest_app_version)"
if [[ "$local_bundle_version" == "$latest_bundle_version" ]] && [[ "$local_app_version" == "$latest_app_version" ]]; then
title="XProtect versions are up-to-date"
icon="SF=lock.laptopcomputer"
else
title="WARNING: XProtect version mismatch"
icon="SF=lock.open.laptopcomputer"
message+="\n\nPLEASE CHECK FOR UPDATES"
fi
# Display the message using swiftDialog
"$swiftDialog_command" --title "$title" --icon "$icon" --message "$message" --info &